Re: Server Gated Cryptography

2009-01-20 Thread Jean-Marc Desperrier
Gervase Markham wrote: Does anyone know where I can find a definitive list of browsers for whom SGC is helpful? That is to say, a list of browsers for which, if I connected to a site with an SGC certificate, would provide a higher grade of encryption than if I connected to an identical site with

Re: SSL problem diagnosis tool

2009-01-20 Thread Jean-Marc Desperrier
Gervase Markham wrote: I just came across this: http://www.sslshopper.com/ssl-checker.html Rather nice, particularly for people with intermediate cert chain errors. It would be even better if there was an independent version of such a tool, which could link you through to the fix it pages for

SSL Blacklist : List of servers using compromised private keys

2009-01-20 Thread Jean-Marc Desperrier
Hi, I saw that a while ago but didn't report immediately about it, despite it being very interesting. So this site distributes a Firefox extension that can automatically report if a server is using a weak key from the Debian OpenSSL vulnerability. It now also detects the use of md5 :

Re: dispute resolution page CA:Dispute_resolution

2009-01-20 Thread Ian G
On 20/1/09 01:22, Eddy Nigg wrote: On 01/19/2009 12:52 PM, Ian G: Mozilla is resolving disputes. It just hasn't said it, nor thought about how it is doing it. Well, it's my point that I think that Mozilla doesn't, hasn't and shouldn't resolve disputes. However, continue below * document

Re: Server Gated Cryptography

2009-01-20 Thread srdavidson
Yes, those browsers allowed SGC/Step-up only for a restricted list of pre-installed root CA certificates. Anyone have a list of the specific roots that are SGC enabled? Many of them must be due for expiry soon. Is the intent to renew/replace them with SGC super-powers, or to let SGC fade

about DHE key size

2009-01-20 Thread Rui Hodai
Hi all. I'd like to know how I can change DHE key sizes with Firefox3. I found that 1024-bit keys are used as DHE keys irrespective of SSL certificates when I captured communication packets between Firefox3 and Apache+OpenSSL. - What decides the DHE key size? e.g. SSL

Re: SSL problem diagnosis tool

2009-01-20 Thread Robertss
On Jan 19, 3:22 pm, Gervase Markham g...@mozilla.org wrote: I just came across this: http://www.sslshopper.com/ssl-checker.html Rather nice, particularly for people with intermediate cert chain errors. It would be even better if there was an independent version of such a tool, which could link

Re: Server Gated Cryptography

2009-01-20 Thread Nelson B Bolyard
srdavid...@gmail.com wrote, On 2009-01-20 11:48: Yes, those browsers allowed SGC/Step-up only for a restricted list of pre-installed root CA certificates. Anyone have a list of the specific roots that are SGC enabled? Many of them must be due for expiry soon. SSL Step Up is different from

Re: Server Gated Cryptography

2009-01-20 Thread Gervase Markham
Nelson B Bolyard wrote: In Mozilla products, no roots have ever been SGC enabled. Some roots were, and still are, marked as trusted for SSL Step Up. Here's a list. Is the marking internal to or external to the cert? The fact that you say no certs have ever been SGC-enabled makes me suspect

Re: SSL problem diagnosis tool

2009-01-20 Thread Gervase Markham
Robertss wrote: Thanks for pointing this tool out. I actually helped create it. I included a link to a page that explains why an error is given when an Intermediate certificate cert is missing but I didn't include specific instructions on how to fix it because each certificate provider is

Re: Server Gated Cryptography

2009-01-20 Thread Nelson Bolyard
Gervase Markham wrote, On 2009-01-20 20:33: Nelson B Bolyard wrote: In Mozilla products, no roots have ever been SGC enabled. Some roots were, and still are, marked as trusted for SSL Step Up. Here's a list. Is the marking internal to or external to the cert? The fact that you say no certs

Re: SSL Blacklist : List of servers using compromised private keys

2009-01-20 Thread Gervase Markham
Jean-Marc Desperrier wrote: But by far the most interesting thing on the site is the list of ssl sites that are *still* using compromised keys, established through that extension : http://www.codefromthe70s.org/sslblacklist-badcerts.aspx Hmm. walmart.com is the big hitter on that list.